Issue 803734 link

Starred by 3 users

Issue metadata

Status:	Duplicate
Merged:	issue 615885
Owner:	----
Closed:	Jan 2018
Components:	Blink>SecurityFeature>ContentSecurityPolicy
EstimatedDays:	----
NextAction:	----
OS:	Windows
Pri:	2
Type:	Bug
Arch-x86_64 Via-Wizard-API

HTTPS content that 301s to HTTP does not upgrade even when Content-Security-Policy: upgrade-insecure-requests is active

Reported by seandenn...@gmail.com, Jan 19 2018

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.99 Safari/537.36

Steps to reproduce the problem:
1. If a page with a CSP of upgrade-insecure-requests
2. Request https resource that 301s to http content

What is the expected behavior?
301'd http request is upgraded to https, or is denied if https is not supported

What went wrong?
301'd request was not upgraded and http resource was fetched

Did this work before? N/A 

Does this work in other browsers? N/A

Chrome version: 64.0.3282.99  Channel: beta
OS Version: 10.0
Flash Version:

Comment 1 by krajshree@chromium.org, Jan 19 2018

Labels: Needs-Triage-M64

Comment 2 by kapishnikov@chromium.org, Jan 19 2018

Components: Blink>SecurityFeature>ContentSecurityPolicy

Comment 3 by andypaicu@chromium.org, Jan 22 2018

Mergedinto: 615885
Status: Duplicate (was: Unconfirmed)

Unfortunately this is a know issue still.

Closing in favor of  crbug.com/615885

Comment 4 by andypaicu@chromium.org, Jan 22 2018

Labels: -Needs-Triage-M64

►

Issue 803734 link

Issue metadata

HTTPS content that 301s to HTTP does not upgrade even when Content-Security-Policy: upgrade-insecure-requests is active

Issue description

Comment 1 by krajshree@chromium.org, Jan 19 2018

Comment 1 Deleted

Comment 2 by kapishnikov@chromium.org, Jan 19 2018

Comment 2 Deleted

Comment 3 by andypaicu@chromium.org, Jan 22 2018

Comment 3 Deleted

Comment 4 by andypaicu@chromium.org, Jan 22 2018

Comment 4 Deleted

Sign in to add a comment